Firewall Wizards mailing list archives
RE: VPN endpoints
From: "Smith, Aaron" <SmithA () byui edu>
Date: Wed, 25 Aug 2004 08:49:42 -0600
I think it really depends on the purpose of the VPN. I implemented a VPN solution that bypassed the firewall completely. Why? Because it is used for administrative network access, i.e. in case the firewall was out of whack. For client access, my preference is to protect the VPN's external interface by putting it in the DMZ. Then put the internal interface inside. That way you can filter packets where they should be filtered--at the firewall.

@@ron Smith
"Let smiths perform the work of smiths."

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of hermit921
Sent: Tuesday, August 24, 2004 11:37 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] VPN endpoints

We are planning to put a VPN endpoint at our site for remote access. We know nothing about the remote client computers, we just provide an authentication mechanism for the users. The question concerns where we put the VPN endpoint on our network.

I figure it this way: 2 VPN device interfaces, either of which can go outside the firewall, on a DMZ, or inside the firewall. That gives us 9 possible arrangements, some of which are ridiculous, but fun to consider. We came down to two configurations. One approach is putting the internal interface on a DMZ. The other approach is to have the VPN bypass the firewall entirely. I am looking for advice on which approach is better, and reasons why.

hermit921
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards